Add a user info scope and thread it through the code. Protect the org modification API.

2014-03-18 19:21:27 -04:00 · 2014-03-18 19:21:27 -04:00 · 64071b9e8e
commit 64071b9e8e
parent 89556172d5
13 changed files with 144 additions and 115 deletions
--- a/endpoints/api/trigger.py
+++ b/endpoints/api/trigger.py
@ -14,7 +14,7 @@ from endpoints.common import start_build
 from endpoints.trigger import (BuildTrigger, TriggerDeactivationException,
                               TriggerActivationException, EmptyRepositoryException)
 from data import model
-from auth.permissions import UserPermission
+from auth.permissions import UserAdminPermission


 logger = logging.getLogger(__name__)
@ -103,7 +103,7 @@ class BuildTriggerSubdirs(RepositoryParamResource):
      raise NotFound()

    handler = BuildTrigger.get_trigger_for_service(trigger.service.name)
-    user_permission = UserPermission(trigger.connected_user.username)
+    user_permission = UserAdminPermission(trigger.connected_user.username)
    if user_permission.can():
      new_config_dict = request.get_json()